Friday, June 29, 2018

A concert, sports, hamburgers and social networks

The day you have been waiting for has finally arrived. Your favorite singer is coming to town and you could not miss it. You bought your ticket months ago and now it is time to get everything ready: new trainers to withstand a few hours of non-stop jumping, a picture shared on social networks to count down the remaining hours, and some fast food on the way before getting in line for the front row.

But other groups, who are not attending the concert, may gain access to all your personal data through simple things such as buying new trainers of a specific brand or getting a ticket over the internet.


Wednesday, June 27, 2018

The invisible enemy

It is very common for young children to cover their eyes or hide when facing situations that scare them. They believe that if they do not see the problem with their own eyes, it will just disappear. Something similar happens with web filtering. Web filtering software has two main kinds of clients in mind: parents who want to keep their kids away from inappropriate content and companies that want to keep their employees off websites unrelated to their work.

Making malicious content invisible is a very common practice in companies to prevent employees from visiting unreliable sites, so they can keep their information safe.


Monday, June 25, 2018

Excel table

Who has never come across an Excel file with thousands of data points that he has not been able to face? Formulas, numbers, cells... And everything is there to make work easier and to access and store data in a more organized way. More organized, of course, if the person knows how to work with the data the right way. If that’s not the case, you can find yourself overwhelmed by digits, letters, and a disorganization that can put your work in danger.

According to Christopher Ott, a former senior counterintelligence and cyber counsel at the Department of Justice’s (DOJ) National Security Division, getting lost among metrics, data and tools whose functions are unknown is as big a threat as not having them.


Friday, June 22, 2018

Ghosts of the past and the future

As in the famous "A Christmas Carol" by Charles Dickens, ghosts always come back. In this case, we are referring to the ghosts of cybersecurity. In this world, technological progress does not stop, and with it come new vulnerabilities that put our information in danger.
Staying up to date and educating the workers of an organization are essential in order to avoid repeating past mistakes and running into future troubles.

Every day, new problems and vulnerabilities come up, which cyber attackers use to achieve their objectives, but on other occasions "old ghosts from the past" once again take advantage of vulnerabilities that were not fixed in time.


Wednesday, June 20, 2018

The employee of the month

Many organizations run monthly award programs with the goal of recognizing the achievements and efforts of their members. The employee of the month becomes the company's model worker thanks to his or her good work. Companies show greater commitment to their staff day by day and develop endless activities with the goal of encouraging motivation and strengthening the ties of commitment. But what happens with the rest of the employees?


According to a poll by Ipsos, 1 out of every 3 workers in the USA admits to potentially risky behavior at work. A really worrying fact that raises important security problems for American companies.


Monday, June 18, 2018

Anticipate the threats

We live in a time when jewelry theft is forgotten and can only be seen in 90s movies. Nowadays, data theft is the trend. Thieves are not breaking into museums looking for the biggest diamonds, but into digital ecosystems. These threats are far more difficult to manage. The consequences these thefts can lead to range from a terrorist attack to a natural disaster. We are all in danger in one way or another. The American-style diamond heist is no longer remembered, and a new kind of thief is the thief of the 21st century.



Everbridge, the company in charge of these critical events, helps governments and companies not only to react but also to prepare for and anticipate possible threats. Javier Colado, SVP of International Sales at Everbridge, shows us how the company works with companies when attacks happen or when they have not happened yet.


Friday, June 15, 2018

3 of the big ones

Russia, the United States and North Korea: three of the countries that are on our screens every day. They are currently three of the world powers that occupy the front pages of newspapers around the world on economic, social and political topics, and not precisely because of their good relationship. Tension is in the air, and cybersecurity is no exception. Are we going to abandon traditional war in order to start a cyberwar? The first steps are already being taken...


The relationships between Russia, the United States and North Korea regarding cybersecurity are hidden. Invisible and suspicious attacks with no clear attacker: these are the characteristics that mark this week's news.


Wednesday, June 13, 2018

An express kidnapping

In most cop thriller movies, the bank robbers’ modus operandi consists of getting into a bank with guns, making the employees stuff bundles of bills into bags in the shortest possible time, and then running away from the crime scene as soon as possible. Each robbery might be different, but it always pursues the same goal: to get the loot in a few minutes and get away without raising suspicion and with minimal consequences.


This is the situation that many businesses face at some point if their systems are not properly protected. They might find the message "all the files on your computer have been blocked. Pay the ransom within 24 hours in order to get the key, otherwise…"


Monday, June 11, 2018

Guess who?

I am sure that when you were a kid, you must have played the famous ‘Guess Who’ over a million times, the game in which you had to try to guess the character your rival was hiding. By asking questions you had to eliminate options until you hit the nail on the head. In the world of cybersecurity, games do not exist. Every single attack has an origin and a cyber attacker behind it, who in this case cannot be found through a few simple questions. Behind every cyber attack there is an executor, but what if the origin were a State?


Every important cyberattack is followed by the questions ‘who is behind this?’, ‘what do they want to achieve?’ and, most importantly, whether the attack is sponsored by a state or nation. States such as Russia, China, or North Korea are usually the principal suspects of these attacks. But is the idea of cyber attacks being sponsored by states too exaggerated?


Friday, June 8, 2018

One goal for the squad

Only a few days are left before the 2018 Football World Cup takes place in Russia, and more and more people can be seen wearing their football shirts to support their team and their country. A lot of tourists are going to spend their holidays in Russia as real football fans, but in this event there’s a team you didn’t know about. While players are focused on winning the games, a lot of hackers are waiting for the perfect moment to score.


When you connect to a public network, when you don’t know where the signal is coming from, or when you trust the apps you use every day, you’re putting your information at risk.


Wednesday, June 6, 2018

The leader of the battle against cybersecurity

In the movie 300, Spartan King Leonidas and his 300 warriors fight to the death against the “god-king” Xerxes I and his army of more than 100,000 soldiers. It is an unequal battle in which Leonidas is the mind that must come up with tactics to win the war. You can’t win the battle without a plan, knowing the opponent, establishing a strategy and choosing a leader. The same happens in the cybersecurity world: the number of enemies is much greater than 100,000 and it’s where battles are fought every day. As a company, you have the chance to create a team manager and fight the enemy.

A lack of talent in cybersecurity can paralyze companies, but what if we teach a person to lead a team?



Monday, June 4, 2018

Everyone to his own taste

As in every aspect of our lives, good advice at the right time, or knowing what others think of you, can help you make decisions. In the cybersecurity world, points of view and opinions are also necessary. On most occasions, it’s teamwork that can have its pros and cons, but it should always focus on the problem, and that problem is security.


Increasing the diversity of cybersecurity teams can increase their capacity to solve cybersecurity challenges through diversity of thought. This is explained by Grant Bourzikas, CISO at McAfee.


Friday, June 1, 2018

A new game in the video game

It’s the 80s, when Space Invaders appeared for the first time, a video game whose goal was to eliminate alien spaceships with a laser cannon in order to obtain the highest score possible. Alien spaceships that want to invade a planet. Classic. In cybersecurity, it happens just the same. It’s not about attacking; it’s about defending your privacy and data so that the dangerous aliens won’t get them.

This week has been decisive in the cybersecurity world, after the implementation of the GDPR (General Data Protection Regulation) and news that has affected the sector.


Wednesday, May 30, 2018

Downloading vulnerability...

Have you ever counted how many apps there are on your smartphone? You should. The average user has 28 downloaded apps on their phone, but the number of downloads is far bigger. Almost every day we download apps of all kinds and delete others, so the traffic on our smartphones never stops. This is an open highway for hackers. In the war between iOS and Android, when the stores are fighting, Android loses.

The security evaluation done by Appknox and Seworks says that more than 84% of shopping apps on Android have three or more high-level security vulnerabilities.


Monday, May 28, 2018

Back to the Future

Marty McFly, a teenager, is friends with Doc, a scientist everybody believes is crazy. When Doc creates a machine that can travel through time, an error sends Marty to the year 1955, before his parents met. After preventing their first encounter, he has to get them to meet and marry; otherwise, he won’t exist anymore. Going back in time to avoid making mistakes is something that would be great when talking about cybersecurity.



In our interest to show the newest in the sector, it’s worth reading today’s interview with David G. DeWalt, founder of NightDragos Security and partner in Allegis Cyber, Momentum Cyber and more than 15 other companies, for Cyber Defense Magazine. David G. DeWalt is also known for being the vice-president of Delta Air Lines in the security department. David will guide us through the timeline of cybersecurity because, to know the future, we have to know how it all started.


Friday, May 25, 2018

A trip to Las Vegas

Get ready because we’re going to Las Vegas! As happens in cybersecurity, Las Vegas is a city that can surprise you at any time. Because of that, this week’s news review is about the city of lights, casinos and gambling. We have our cards to play against hackers. Who will win?

Cybersecurity workers are tired: inefficient work with loads of weak passwords, vulnerabilities in BMW and not-safe-enough networks in big cities, like Las Vegas.


Wednesday, May 23, 2018

The first thing you do when you get to the office

It’s 9 am, you make your coffee and sit down at your desk to start your working day. The first thing you do is check your Outlook mail, then you work on your PowerPoint presentation and then you enter names and phone numbers in the company Excel database. Office365 is the suite we use most on a daily basis, including in most of the companies that work with data and confidential information for organizations, but… is it safe?

As a result of the Redmond expansion, there’s the risk that more threats are happening inside its structure and, more precisely, inside email. Osterman Research reported in 2017 that 41% of organizations aren’t sure what to do when complementing their security.


Monday, May 21, 2018

Hacking The Pentagon

Today we’re going to talk about The Pentagon, the headquarters of the Defense Department in the United States. In this building, 23,000 military personnel and civilians work alongside 3,000 support staff. The Pentagon is located in Arlington, Virginia. Right now, The Pentagon is the biggest office building in the world. What’s interesting is that it’s also one of the most protected buildings in the world. It is nothing less than the United States Defense Department, which leads the government to make great investments in its security in order to keep new technological projects there. But what would you say if they tried to hack their own system?


In today’s interview, Lisa Wiswell from Grimm & HackerOne, a security leader with more than 10 years of experience in programming and cyberwar, talks about the program “Hack the Pentagon”.


Friday, May 18, 2018

A game in the work break

After several hours working at your computer, hours on the phone with a client and long meetings staring at a clock, it’s finally your break time at the office. You’ve been told about a really cool game for your smartphone, so you download it to take your mind off things. You play a couple of games while making your coffee at the machine and you read your personal email on the computer. It all seems harmless…

By using your work computer for personal matters you are putting your personal and company data and information at risk.


Wednesday, May 16, 2018

A slot machine through the clouds

Slot machines: the gaming machines in which you insert a coin and have the chance of winning the big prize and making them pay out hundreds of coins. Fewer and fewer slot machines can be seen because nowadays you can play those games on the internet. There’s invisible money, invisible prizes and also hackers waiting for their opportunity to get their own prize. When companies migrate their data to the cloud, hackers insert the coin that will make them winners of the big prize: a coin worth millions of dollars if they play it right.



Cryptohacking has become mainstream among hackers, while companies are struggling to learn the compliance requirements in the public cloud, according to the latest RedLock research.



Monday, May 14, 2018

Let's play Risk

Risk is a classic board game that we all know about. It was really popular in the sixties and it was in everyone’s home. Based on the Napoleonic wars, Risk requires a strategy to conquer the board and defeat your enemy. Dice, cards and luck are combined in this game. The same happens in the battle for the cyber world, where you have to make the right choices so as not to get trapped by the enemy. Strategy is the key.

Cybercrime costs companies millions and millions of euros each year, and Smarttech247 is playing a major role in this battle. Ronan Murphy, founder and executive director of Smarttech247, was interviewed by Pádraig Hoare and talked about the smartest ways to fight against cybercrime.


Friday, May 11, 2018

Cyber "Got Talent"

Every day we see dozens of talent shows in which contestants have to show their abilities in front of a jury that will not allow a single mistake. Artistic pressure is higher when performing in front of cameras and a very strict audience. Contestants are usually young and inexperienced, fighting for their first big opportunity.


Something similar happens in the cybersecurity world. Instead of showing a talent in front of a jury, you have to do it in front of external threats. As in the shows, time is limited. These are “new” jobs that young people see as their big opportunity. Are these young people the key to building the cybersecurity walls?


Wednesday, May 9, 2018

A business trip

It’s Monday morning and your boss tells you that next week you’re going to leave town to meet a client. You are ready, from the hotel booking to the suits you’re going to need and, of course, the mobile phone and the laptop. Both of them hold secret information about the company, but you have no worries. Cybersecurity is important for your company, so your data is well protected. But are you sure that the information you’re traveling with is that safe?


Trustwave reports that 25% of information breaches are caused by error or by an employer. Companies need to offer information to guarantee that workers are ready to protect the information they carry while traveling and to avoid human mistakes.


Monday, May 7, 2018

Cybersecurity is a team sport

Football, basketball, rugby… They’re all team sports in which several participants work together in order to achieve a goal. Each one of them has a key position for winning the match. Working together and mastering the right tactics during the game will determine whether you win or lose. If every player followed their own strategy, it would be a disaster. Even a really good goalkeeper won’t be able to stop every ball without the help of the other team members.


The same happens in cybersecurity. Teamwork between private organizations and the government is necessary. David Koh, Singapore’s cybersecurity chief, explains it in an interview with GovInsider magazine.


Friday, May 4, 2018

The seed of cybersecurity

They say that you reap what you sow. This could perfectly explain the cybersecurity situation that companies and individuals are in. Cybersecurity lands are relatively new and dangers have come even before the harvest. As human beings, we learn from our mistakes, and it hasn’t been until now that we have met the dangers that are threatening our lands. Now it is our turn to work.


It’s obvious that hackers aren’t going to stop their attacks until they’ve reached their goals. Because of this, we should be working on protecting our information. Companies and people are being observed by hackers, and danger awareness is key in this learning process.



Monday, April 30, 2018

When physicians need a doctor

Have you ever wondered if physicians with health problems visit a doctor? Unless you are stubborn like Doctor House, everyone with a problem needs solutions. Medical devices are also vulnerable to cyberattacks, which can put at risk not only the information and stored data, but the patients’ health too. Recently, Facebook and Uber user data has been affected by security breaches, as has healthcare, where the information of 18,000 members was leaked.



In 2017, the FDA confirmed the vulnerability of the implantable heart devices known as cardiac pacemakers. If they are hacked, cybercriminals could use their access to these devices to drain the battery prematurely or change the device frequency, killing the wearer.


Friday, April 27, 2018

The hare and the turtle

This tale starts with a turtle who, tired of the hare's mockery, bets that she can be as fast as her. When the race starts, the turtle moves slowly towards the finish line. The hare, knowing she is faster, laughs at her and waits, sleeping under a tree. The turtle gets to the finish line and the hare doesn’t notice. The hare runs, but it’s too late and the turtle wins the race.



The GDPR moves firmly towards its next implementation. Despite what people might believe, a lot of companies are working on it. But some other companies are not. Will the tale of the hare and the turtle be repeated?


Wednesday, April 25, 2018

Don't forget that we are humans

It’s quite common in sci-fi movies for robots to be the ones that rule the world. In the film “I, Robot”, Will Smith tries his best to put an end to this idea and to make a more human world. What happens? An error occurs in a robot and Will Smith is nearly killed several times while fighting an infected droid. Nowadays, analysts aren’t at that point, but sometimes they can be overwhelmed by the number of threats they deal with every day. The solution can be found where human experience and automation meet.



LogicHub conducted a survey at the RSA Conference in 2018 and found that 79% of those surveyed thought that human experience and security automation are the perfect combination for a powerful and safe infrastructure that will keep cyber-attacks away.


Monday, April 23, 2018

Playing hide-and-seek among world powers

Relations between Russia and the United States haven’t been great for a long time. The ways they attack each other have evolved, and what several years ago were tanks, soldiers and bombs are nowadays silent attacks that affect our devices and cause unthinkable harm to companies and infrastructures all around the world. These cyber-attacks have turned the world against the player playing hide-and-seek: Russia.



The United States is directly accusing the Russian Government of aiming attacks at its organizations to interfere in its presidential elections. These days, US and British intelligence officials are aware that these Russian hackers are trying to penetrate personal computers in order to carry out future cyber-attacks.


Friday, April 20, 2018

Unfollow cyberattacks on your smartphone

As time passes, smartphones have become an extension of our body. We communicate through them and we show private parts of our lives without knowing how many people can actually see our information. We often use Likes, Follows and Hashtags, handing some of our information to companies that might not be transparent. Today, we are going to go over this week’s main news to share with you the latest information on app and smartphone security.


Cybercriminals have discovered a great opportunity in app vulnerabilities and in the blind trust we place in apps. We install applications from third parties without checking their origin and we accept terms and conditions without reading them. We post information online. Technology has become the window to society.


Wednesday, April 18, 2018

Catfish business

Online flirting, what a world. Millions of profiles are created every day in dozens of apps to find the love of your life. But do you know who is behind those profiles? In a sea of users, there’s always the “catfish”. This happens when a person lies about their identity on social networks, and it can be just for fun or with the aim of swindling. These profiles aren’t only on flirting apps but on every social network. There will always be someone with dishonest intentions.



Researchers from Ben-Gurion University of the Negev and the University of Washington have created a new method to discover which profiles are fake on most social networks.


Monday, April 16, 2018

Cybersecurity, a matter of humans

“Man is imperfect but perfectible”. This may be the sentence that best defines humankind. As humans we are imperfect, but it is in our nature to learn from mistakes and strive for perfection. We can’t forget that even as we immerse ourselves in the seas of cybersecurity, what moves everything online is the human factor.



It’s common to see cybersecurity as a technical matter, but that’s far from the truth. A lot of companies rely entirely on technology to protect their information and, occasionally, that is where the mistake lies. Oz Alashe, founder and CEO of CybSafe, wants to change our minds by understanding cybersecurity as driven by humans.


Friday, April 13, 2018

When the data protection goes "Des-pa-cito"

Facebook, Instagram, Twitter, WhatsApp, YouTube, VEVO, Spotify, Uber... and so many more are the apps we use on a daily basis. As users we see only their recreational and social side. But the truth is that they know much more about us than we know about them. As the song “Despacito” says, “Let me exceed your danger zones…”, and most of the time that’s what’s happening.



You could say it hasn’t been the best week for some of the social networks mentioned. Privacy policy is still a delicate matter that we should not take lightly.


Wednesday, April 11, 2018

Ready, set, go!

Cybersecurity problems don’t warn us. They can happen and will sound the alarm right when you least expect it. Are we truly ready for them? In the majority of global organizations, the answer is yes. But the amount of time needed to detect and contain these problems is very important. In this race it is not only the contestants that matter, but who gets to the end first.



The LogRhythm study, conducted by Widmeyer, in which 751 IT experts from the USA, UK and Asia took part, says that half of global organizations are capable of detecting an important cybersecurity incident in less than an hour. The scariest thing is that less than a third of the people surveyed said that they wouldn’t be able to detect it or even solve it in that amount of time.

Cybersecurity is still a pending subject in companies. It is common for them to focus on security maturity and the number of people working on it. The survey revealed that the average number of cybersecurity professionals in a company is 12. More than half of the companies have fewer than 10.

One of the most frightening results from this survey is the level of confidence that the security managers in these organizations have. Half of them think that, despite their work, a hacker may breach and attack their company. More than 33% of those surveyed said that they had suffered a breach during the last year (29% in the USA and 39% in Asia-Pacific), so the people responsible for decision-making do not trust their abilities 100%, in the same way that they do not fully trust their software.

As mentioned at the beginning of the article, finding a fast solution is very important and depends on several factors such as the technology, the process, the software and the people involved. On the technology side, 80% of those surveyed explained that an administration platform for cybersecurity, analysis and response would be helpful, but not very helpful. We can sense some kind of insecurity when it comes to cyber-attacks and their neutralization. A third of those surveyed said that they’d need help during them.

In conclusion, big global organizations see themselves as unprotected in the cybersecurity world. It might be because of the number of people working on it or because of a lack of investment. They’re running a race in which they are often not the ones to get the gold medal.



Monday, April 9, 2018

Pirates of the Cybercaribbean

The cybernetic seas are very deep and dark. Defending the fleet against other pirates is complicated for companies. As in the movie "Pirates of the Caribbean", you will run into pirates like Jack Sparrow, who will go all out to get their treasure. But, what if you put yourself on their side and include "the bad guys" in your ranks?



Cybersecurity in companies is an aspect that entrepreneurs often ignore, but their leaders are increasingly becoming aware of the risks they face if they do not protect their data against "hackers". Hiring the pirates or university students is an option when it comes to investing in cybersecurity for your company. Laurie Mercer, a solution engineer at HackerOne, talks to us about direct recruitment through bug bounty programs in the interview that we share with you below.

According to HackerOne's most recent hacker reports, almost 12% of HackerOne hackers earn around $20,000 per year from bug bounties. But what leads companies to hire pirates among their workers? Laurie Mercer gives us her point of view: "From a recruitment aspect, Yelp realized that this was a way to find talent, since they were people who normally could not access that position because they had not finished college or they didn't have security experience that allowed them to pass through the human resources department."

HackerOne is a platform that facilitates communication between a company's security team and hackers. It currently has more than 166,000 registered users, which means that more and more companies are becoming more receptive to the disclosure of their vulnerabilities and trusting these "pirates". As Mercer says, they have found an innovative way to find talent and match talent with the needs of each company.

As Laurie Mercer says: "We receive messages from students who tell us they read our Hacktivity feed, a hacker named Jack Cable is using the reward money to pay for his studies at the university." The young man, only 17 years old, managed to file 200 vulnerability reports, ranking among the 3,000 best on HackerOne. Mercer said that from that moment they realized his talent, and today he is waiting for a job interview with the Defense Department.

The reputation system of HackerOne works in the following way. Each time a hacker submits a vulnerability that is accepted, they are rewarded with points to climb the "ranking", and if the vulnerability submitted is not accepted, they lose reputation points. At the top of the ranking, users can gain access to work with private clients according to their scores. Companies place more trust in these users since, as Mercer says: "some people see it as an advantage and the poacher became a forester".

In conclusion, Laurie Mercer was asked if she believed that greater exposure of companies' vulnerabilities and the participation of clients would help cybersecurity professionals in the future. Mercer answered: "We all benefit from the work of the community, because it is helping the internet security in general, but the opportunities offered by participating companies also help to encourage hackers, help them gain experience and even get a job."

On many occasions you have to ally with the enemy pirate to defend against fleets much larger than yours. Information is power, and in the 21st century data is the treasure most sought after by cyber-pirates.








Friday, April 6, 2018

"Snakes on a plane"

Who does not know the movie "Snakes on a plane"? A group of passengers boards an airplane on which an FBI agent has to escort a witness to Los Angeles. A murderer releases poisonous snakes on the flight to kill the witness so that he cannot testify.



This week we talked precisely about cybersecurity in airlines, which are among the companies that need the most investment in information security due to the complexity of their systems. But what if all companies had their own "snakes" among their systems?




Wednesday, April 4, 2018

Sleeping with the enemy

Companies and institutions increasingly invest a greater percentage of their budget in securing their digital perimeter to protect themselves from the growing number of attacks and external threats. But ... have we considered what happens if we raise huge walls to protect us from the outside but our enemy is already inside and is part of our organization?

                                    

That same question is the one made by those Global Data Risk Report managers prepared by Varonis and we do not know if the answers can be described as surprising, but certainly are worrying. This study shows that, as happened in Troy, most organizations are so concerned about their digital perimeter that they forget the need to maintain a minimum internal protection of their information to prevent it from circulating freely or falling into the wrong hands.

The report presented by Varonis is based on the analysis of the file systems of its actual or potential clients (about 130 companies) and focuses on the different risks that a company with an acceptable level of digitization currently has to face: security breaches, internal threats (what we want to highlight today) and external attacks, such as ransomware.

If we break down the data of the study, the picture of how systems and corporate networks are protected against their own employees is bleak: 21% of the folders with information are accessible to all the employees and 58% of the big companies analyzed have at least 100,000 folders that can be consulted by anyone.

It is also striking that 54% of the information stored by the companies is obsolete, so many resources are dedicated to protecting data that actually has no value and that could have been eliminated, reducing not only the load of cybersecurity equipment, but also the maintenance and operating costs of the infrastructure. In addition, 34% of users included in these systems are also outdated and many of them are former employees who could have access to the information.

Let's focus on another fact that will surely surprise many infosec professionals: 46% of the companies analyzed have at least 1,000 users whose passwords never expire or have never been renewed, which is a clear Achilles heel in the defense of stored information, even more so if we take into account that 41% of companies have at least 1,000 files with sensitive information available to any user with access to the system.

We have already said several times that any defense is only as strong as the weakest of its links, so we believe that this study is especially useful for making us reflect on the importance of cleaning our own house and putting it in order, because if we do not, we can feel safe ... without knowing that we are sleeping with our enemy.

Monday, April 2, 2018

High flown cybersecurity

If there is one sector that is especially concerned with safety, it is undoubtedly the airlines. Since customers are going to carry out an activity, flying, which is totally alien to their morphology, there is a whole series of protocols that regulate every aspect of what will happen on the flight: from user behavior to the mechanical checks done in triplicate before takeoff, to the approach or routes that should be followed when landing depending on the direction and strength of the wind.


Therefore, it should not surprise us that a sector so concerned about security pays special attention to the protection of its information and computer systems, since a failure can have catastrophic consequences. In addition, because of the strategic importance of this sector and its dependence on technology, airlines are forced to face very specific challenges and threats. Darren Argyle, the former CISO of the airline Qantas, speaks about all of this in the interview that we share with all of you below.


Wednesday, March 28, 2018

Hunting trends

Do you know the term coolhunter? These professionals have a clear goal: to anticipate a fashion or trend and be the first to put it into practice. The job requires a very specific profile, innovative and visionary.


Like coolhunters, cybersecurity also has its hunters. Cofense is one of them and recently published the Cofense Malware Review 2018. This document identifies the trends that defined the cyberattacks received during 2017 and, based on them, forecasts the emerging trends for 2018.


Monday, March 26, 2018

Study and protect

Exactly 30 years ago, in 1981, the disease named Acquired Immunodeficiency Syndrome (AIDS) was described for the first time. There has been a continuous improvement in the treatment of this disease, but it was from 1987 onward that antiretrovirals began to be developed, and these have removed the deadly character of the disease. This has been achieved thanks to an exhaustive study of the life cycle of the virus, which has made it possible to block its development. More control has made it possible to stop the virus.

Last week, the California Department of Technology (CDT) announced the launch of a comprehensive program that evaluates systems at the state level with the aim of improving its cybersecurity measures. In this case, too, the exhaustive study of each of the departments is intended to keep "viruses" away. This tool is very innovative and places California at the head of the cyber race, being the first state in the nation to launch a matrix of this style.


Friday, March 23, 2018

Reinvent yourself or die... also in cybersecurity


Maybe the title of this blog seems like a cliché in these times, when all companies are immersed in processes of digital transformation and technological advances have an immediate impact on society. Maybe this relationship is logical, but today we are going to focus on how the "evil ones" are striving to renew their bad arts, as we have seen throughout this week, full of news relevant to the cybersecurity sector.


Undoubtedly, one of the news stories related to our sector that has had the most impact (even in general media) has been the "discovery" that Cambridge Analytica tried to influence US voters during the last presidential elections using information compiled from 50 million Facebook users. This leak has led to the dismissal of the director of the company, a significant loss of confidence among Facebook users in the social network (giving rise to the #DeleteFacebook movement) and an important drop in the stock market valuation of Zuckerberg's company, as well as the loss of important advertisers.


Wednesday, March 21, 2018

Protect your heels

We all know the famous story of Achilles, the courageous and fast hero who was part of the Trojan War. Despite his courageous participation in this historic battle, the Trojan warrior has become famous for his weaknesses. His death, at the hands of Prince Paris with a poisoned arrow shot at the heel, could easily have been avoided if he had protected his best-known weakness.


As in Greek mythology, there are many companies, even entire sectors, that are not able to protect their heels. The increase in cyber attacks in the Middle East is a fact and, although they continue to increase, they are often not detected early. Despite the attacks being so widespread, it seems that cybercriminals have found where to look: according to the study by Siemens and Ponemon Institute, more than 30% of the attacks are focused on operational technology (OT).


Monday, March 19, 2018

When forced entry becomes digital

One of the worst crimes against property that we can suffer is housebreaking. The economic damage it causes is compounded by that strange feeling of knowing that a stranger has been rummaging through our personal effects, breaking the inviolability of our domestic sanctuary.


If you have suffered a similar situation or you can put yourself in the victim's shoes, get ready ... because in the digital world these types of actions are becoming more frequent. For example, ransomware used to be intended only to block your information; now it leaves a window open to this type of attack. That is why today we want to share this interview with Tom Kellermann, Chief Cybersecurity Officer at Carbon Black, and an expert on all types of digital threats.


Friday, March 16, 2018

Who said cyberwar?

In cyberwar the most powerful weapon does not fire, it types. Far from being an eccentricity or the plot of a science fiction film, the cyberwar is increasingly present. Attacks, leaks of information and cyber-espionage begin to be mundane issues that reach the mass media. Is a cyber war approaching? Or is this already happening and we are not realizing it?


Wednesday, March 14, 2018

Prevention is your best attack

It was not until July 3 and 4, 1940, that the British detected the first signs that the invasion of the British Isles was being prepared. Despite carrying out aerial reconnaissance of the area looking for artillery constructions, they did not find anything remarkable or, if they did, they did not consider it important enough to take action. It was not until September first that the British people were able to confirm that there were clear signs that the invasion of England was taking place.


History leaves us many lessons to learn, and this episode leaves us a great one: early detection and a good defense strategy can save you a lot of casualties. At CIGTR, we have already talked several times about the risks and cyberattacks that the health sector faces. The latest study, named "Impacts of cyber insecurity on healthcare organizations", shows exactly what these challenges are and how companies face them, if they do. In this survey, 627 executives in the sector have been interviewed. Do you want a preview? 62% admit to having suffered an attack in the last year. In many of these cases, the losses took the form of patients' personal data.


Monday, March 12, 2018

Wash your hands

Cholera, hepatitis, rotavirus ... are terms that you're never happy to hear about, but what if we tell you that they can be avoided simply through easy hygienic habits? Something as simple as washing your hands or washing food before eating it can prevent a lot of health problems.


In cybersecurity, hygiene is also important: the hygiene of your own and your employees' "cyber-routines" forms a good basis on which to build your security strategy. This week we want to give voice to Robert Herjavec, investor on ABC's Shark Tank and founder / CEO of the cybersecurity services company Herjavec Group. At CIGTR, today we want to share his point of view on the current outlook of the cybersecurity industry, thanks to this interview conducted by Forbes.


Friday, March 9, 2018

The tailor's wife is…

We already know how the saying ends, and that's because this saying, with its respective translations, is known worldwide. What it expresses is that there are people who neglect in their immediate environment precisely what they are professionally engaged in. This week we want to leave you with a couple of "tailors" who have also neglected precisely what was their job.


Wednesday, March 7, 2018

The honest trick

Not long ago the Winter Olympics were held and, among other things, some athletes who tested positive for doping substances have come to light. If there is someone who has stood out, and not because of her good results, it is Nadezhda Sergeeva. The Russian athlete, who months ago posed with a sweatshirt that said "I don't do doping", tested positive for trimetazidine. Everyone has their tricks but of course, some are more honest than others.


In the cybersecurity world, sometimes you also need a little push to catch up with the competition. The knowledge gap has a direct impact on the productivity of companies and in this context, automation arises to give a boost to profitability. Indeni and GNS3 have surveyed more than 700 engineering and operations professionals worldwide.


Monday, March 5, 2018

Trust is blind and dangerous

When trust is on the table, the world divides in two. One side of the population will say that as human beings, we are trustful by nature. It’s in our genes as social animals and the necessities of our society. On the other hand, some may say that human beings are distrustful.  


This division will probably be something that will remain over time, but, as we can see in the news, the cybersecurity world must be careful. At CIGTR we want to focus on the interview that TechRepublic and ZDNet conducted with Bill Mann, product director at Centrify. In this interview, Bill Mann explains his point of view on how companies should work on a zero trust basis if they want to be protected against cyberattacks.


Friday, March 2, 2018

Do you feel safe at home?

Insecurities are bad, but when you feel them at home they're the worst. Home is where you should feel safest, and you should be doing what you can in order to achieve it. Can you even think about going to sleep leaving the keys under your doormat? Well, in cybersecurity, some people even leave the door open with a giant neon sign begging for people to come in. In this post we will revisit some of this week's news and we will encourage you to buy a good bolt.